North America’s First Capture of a Large‑Scale SMS‑Bomb Rogue Tower in Toronto
Toronto police uncovered a massive SMS‑bomb rogue mobile tower that hijacked tens of thousands of phones, revealing 13 million network interruptions, highlighting 2G/3G protocol flaws, and prompting expert recommendations for carrier, device, and user‑level defenses.
1. Case Overview: Project Lighthouse
Toronto police received an alert from a cybersecurity partner about a suspicious rogue mobile tower operating in downtown Toronto, which became the starting point of the multinational investigation dubbed Project Lighthouse.
After months of tracking, raids in March 2026 at residences in Markham and Hamilton seized multiple SMS‑bomb devices and arrested two suspects; a third suspect surrendered on April 21, 2026.
The three suspects—Da Feng Lin (27), Junmin Shi (25), and Weitong Hu (21)—face a total of 44 criminal charges.
2. Technical Breakdown: What Is an “SMS Bomb”?
2.1 How a rogue base station works
An SMS bomb (also called an “SMS bomber” or rogue base station) mimics a legitimate cellular tower and exploits signaling vulnerabilities to force nearby phones to disconnect from real towers and connect to the attacker‑controlled fake tower.
Signal suppression: The rogue tower transmits at higher power, making phones think it is the strongest signal.
Forced attachment: Phones automatically attempt to attach to the strongest signal, falling into the attacker’s trap.
SMS delivery: Once attached, the attacker can bulk‑send phishing SMS messages masquerading as banks, government agencies, or service providers.
2.2 Scale of the incident
Affected devices: Tens of thousands of phones were hijacked.
Network interruptions: More than 13 million mobile‑network connection drops were recorded.
Impact on emergency services: In some areas, 911 call access was briefly disrupted.
Geographic scope: The device moved throughout the Greater Toronto Area (GTA) while operating.
Authorities described the equipment as a “highly automated advanced tool” capable of handling massive numbers of target phones simultaneously.
3. Why Was It Undetected Until Now? – Inherent 2G/3G Protocol Weaknesses
The key technical focus is why such a “net‑casting” device had never been found in North America before.
3.1 Vulnerable legacy protocols
2G (GSM) and early 3G networks were designed for connectivity and efficiency, with relatively weak security authentication. Phones tend to “trust” the strongest signal without strict verification, providing an opening for rogue base stations.
3.2 Detection difficulty
Rogue devices are small, highly mobile, and can be hidden in vehicles. The detection window is therefore very short, and catching them requires specialized air‑interface monitoring equipment.
3.3 Low victim awareness
Most users do not notice a brief signal loss, and when they receive a phishing SMS, they often assume it is a normal promotional message, resulting in a very low reporting rate.
4. China’s Experience with Rogue Base Stations
Users noted that “this technology has long existed in China.” Indeed, Chinese authorities have been combating rogue base stations since 2014. Domestic security vendors offer mature detection and localization solutions, and the 2015 amendment to the Criminal Law added a specific criminal provision allowing up to seven years’ imprisonment.
However, the Canadian case involved a higher degree of automation and scale, representing an advanced “rogue BTS” version rather than the traditional “rogue base station + SMS bomber” combo.
North America’s detection and mitigation capabilities are still lagging, as highlighted by Toronto Deputy Inspector‑General Robert Johnson: “This is a new and emerging threat; cyber‑criminal tactics are evolving rapidly.”
5. Defensive Recommendations from a Blue‑Team Perspective
Security analysts suggest defenses at three layers.
5.1 Network layer
Carriers should strengthen monitoring of abnormal base‑station signal activity, especially unauthorized temporary towers.
Accelerate 4G/5G upgrades to leverage stronger mutual authentication mechanisms and reduce hijack risk.
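A sketch of the kind of monitoring recommended in 5.1, as an added example that is not from the original article or any carrier's tooling: it scores cell observations against a licensed-cell inventory and flags cells that combine several of the traits described above (unlisted identity, unexpected 2G, abnormally strong signal, a "tower" heard at distant locations). The inventory, the observations, the test PLMN 001/01 and both thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed inventory of licensed cells: (mcc, mnc, lac, cell_id) -> RAT.
# Assumption: a carrier would load this from its own site database.
KNOWN_CELLS = {("001", "01", 1101, 40011): "LTE",
               ("001", "01", 1101, 40012): "LTE"}

# Constructed observations: (cell key, RAT, signal dBm, latitude, longitude)
OBSERVATIONS = [
    (("001", "01", 1101, 40011), "LTE", -95, 43.6532, -79.3832),
    (("001", "01", 1101, 40012), "LTE", -101, 43.6540, -79.3800),
    (("001", "01", 9999, 65001), "GSM", -48, 43.6535, -79.3829),
    (("001", "01", 9999, 65001), "GSM", -51, 43.8561, -79.3370),
]

STRONG_DBM = -60      # hypothetical threshold for "unusually strong"
MAX_SPREAD_KM = 5.0   # hypothetical: a fixed urban cell is not heard this far apart


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2)
         * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 6371.0 * 2 * math.asin(math.sqrt(a))


def score_cells(observations, known=KNOWN_CELLS):
    """Return {cell: sorted list of reasons} for cells that look rogue."""
    seen = defaultdict(list)
    for cell, rat, dbm, lat, lon in observations:
        seen[cell].append((rat, dbm, lat, lon))
    findings = {}
    for cell, obs in seen.items():
        reasons = set()
        if cell not in known:
            reasons.add("not-in-inventory")
        if any(rat == "GSM" for rat, *_ in obs) and known.get(cell) != "GSM":
            reasons.add("unexpected-2g")
        if max(dbm for _, dbm, *_ in obs) > STRONG_DBM:
            reasons.add("abnormally-strong")
        spread = max(km_between(a[2], a[3], b[2], b[3]) for a in obs for b in obs)
        if spread > MAX_SPREAD_KM:
            reasons.add("moving-cell")
        if len(reasons) >= 2:   # require corroboration to limit false positives
            findings[cell] = sorted(reasons)
    return findings
```

Requiring two independent indicators keeps a single strong reading from a legitimate nearby cell from raising an alert; the thresholds need tuning to local site density.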
5.2 Device layer
Users should stay on 4G/5G networks and disable 2G‑only reception modes.
Enable any “trusted network only” security settings provided by the phone manufacturer.
5.3 User layer
Do not click links in unfamiliar SMS messages, especially those claiming to be from banks or government agencies.
Treat verification‑code messages with extreme caution; legitimate institutions never request codes via SMS.
If a phone loses signal for an extended period, be alert and consider restarting the device.
6. Conclusion
Toronto’s “Project Lighthouse” is the first publicly disclosed large‑scale SMS‑bomb case in North America, exposing a long‑standing vulnerability in mobile‑communication protocols. Technically, the attack is not novel—rogue base‑station techniques have existed for years—but its massive, prolonged operation in North America highlights gaps in existing defense mechanisms.
The broader significance for the security community is that, as 5G networks roll out, traditional wireless‑access‑layer risks must not be ignored; when phones automatically chase the strongest signal, distinguishing a legitimate tower from a rogue one becomes increasingly difficult.
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
